Meaner Code Red worm appears in Asia

Meaner Code Red worm appears in Asia

BEIJING (Reuters): A meaner version of the Code Red Internet
worm has made its first appearance in Asia, infesting dozens of
computers in China, security experts said on Tuesday.

South Korea was trying to determine whether it was this
pernicious worm which had attacked government computers and Hong
Kong also reported at least one confirmed infection.

China's Ministry of Public Security issued a national alert to
police urging swift action to prevent the spread of the Code Red
II worm, which can rig computers to attack others as well as
expose information, such as credit card numbers, they store.

"We've discovered that computer systems at some work units and
government departments have been infected with this virus,
disturbing normal working conditions," said the statement seen by
Reuters.

"The situation is beginning to move more quickly and spread
more widely this week," said a technical support manager at
Beijing Rising Technology Corp, a virus protection company.

South Korea reported its first Code Red outbreak as servers at
a cluster of government offices were hit, sparking a shutdown of
some systems to prevent it spreading further.

The computer worm froze a computer network linking government
offices in Taejon, about 140 km (85 miles) south of Seoul, the
Ministry of Government Administration and Home Affairs said.

It was not immediately clear whether it was the more
pernicious variant, discovered on Saturday, of the Code Red worm
which first struck last month, a ministry official said.

Offices of the Korea Forestry Service, Cultural Properties
Administration and Industry Property Office were affected.

The official said Internet links between the offices and
government offices in Seoul were severed to try to prevent the
worm from spreading.

In Hong Kong, a spokesman from the government-sponsored Hong
Kong Computer Emergency Response Team Coordination Center
(HKCERT) said it had received one report of "Code Red II"
infection and three reports of attempts to sneak into computers.

He declined to say whether any government department had been
affected.

The worm began showing up on Chinese computers despite claims
last week that Chinese-language versions of the vulnerable
operating systems were immune to the virus.

Beijing Rising Technology knew of several dozen Chinese
computers which had been attacked by the Code Red II worm,
including computers at universities, government agencies and
large Chinese companies, the technical manager said.

It infects computers running Microsoft's Windows NT or 2000
operating systems and its Internet Information Server Web
software.

Last week, some security experts said Chinese-language
versions of the Microsoft operating systems were immune to the
worm, but the Rising expert said it could infect computers using
Chinese-language versions.

Reports in Indian newspapers last week said the Code Red worm
had been traced to a computer at the University of Foshan in
China's southern province of Guangdong.

But a laboratory technician who answered the phone at the
university's computer department on Tuesday said he was surprised
to learn of the reports because the school had been on vacation
since July 6 and was being refurbished.

"All the students are on vacation and we're under
construction. Even the electricity is down," said the technician,
who gave his surname as Hu.

A free software patch with instructions is available at
http://www.digitalisland.net/codered/. The Mercury Interactive
Web is also offering free vulnerability scans for Code Red.